Spam is one of those annoying things in life we've had to learn to put up with and most of us probably ignore at this point. However, mass spamming has grown to be a large enough problem to take note of due to the fact it has a negative economic impact on productivity and with cybercrime growing the way it is, creates increased risks for people. Because of these effects, the United States and Canadian governments have taken the matter of spam seriously and have been actively working to find ways to circumvent the issue of spam and come up with solutions.
U.S. CAN-SPAM Act of 2003
As a response to the SPAM problem, in 2003 the U.S. Congress passed a law affectionately referred to as the "CAN-SPAM Act." This acronym stands for "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003".
Acts that are illegal under this law include:
- Fraudulent or misleading email titles, subjects or addresses
- An email cannot be sent that contains sexually oriented material without informing the recipient in the subject line
- A working "unsubscribe" option must be offered for at least 30 days past the date an email is sent
- Email cannot be sent to addresses that has been harvested from websites, forums or generated randomly
- Registering for email addresses under a false identity
- Must remove request for removal within a reasonable amount of time upon receiving request
Under the CAN-SPAM law individual recipients cannot bring lawsuits against the spammer, but the U.S. Federal Communications Commission (FCC), the Attorney General (State) and Internet Service Providers (ISP) are eligible to bring litigation against spammers.
CASL is passed in Canada
Passed back in 2010 and put into effect on July 1, 2014, the Canadian government created the CASL (Canada’s Anti-Spam Legislation). Under this law it is prohibited to:
- Send commercial electronic messages without the recipients permission (this includes email, texts and social networks)
- Install computer programs without the owner or an agent’s (i.e. an authorized employee) consent
- Misleading or outright fake representations via online promotion
- Collecting personal data by retrieving through a computer that violates Canadian federal law
- No harvesting is allowed of email addresses without recipient permission
The CRTC (Canadian Radio-Television and Commission), Competition Bureau and Office of the Privacy Commissioner all have jurisdiction over this law.
Statistics Associated with Spam
While both the United States and Canadian governments probably had the best of intentions when designing these laws to try to control spam, do these laws curb the problem? In 2008, 5 years after CAN-SPAM was passed, Network World reported:
“The number of spam messages sent over the Internet every day has grown more than 10-fold, topping 164 billion worldwide in August 2008. Almost 97% of all e-mails are spam, costing U.S. ISPs and corporations an estimated $42 billion a year.” 4
And these emails not only tried to sell products, they increasingly contained malware, a trend that unfortunately continues today.
Statistic Brain, a website that pulls together various types of data, reported spam bots and mailers do make money, citing an October 2014 study conducted by University of California San Diego. 5 This study showed 1.7 million spam mails per day sent out received just 0.0127 percent clicks in response to the emails, yet even with this low percent of conversions, it generated about $7,000 per day for the spammers.
Are These Laws Effective?
Whether or not it anti-spam laws have had a true impact on spam is up for debate, as some reports indicate levels of spam have dropped off a bit (but are still high). Either way, one thing is certain – these types of laws do appear to put pressure on legitimate companies. 6
In order to be compliant, businesses have to spend a lot more time and resources on privacy policies and being cautious on sending out legitimate marketing emails. Unfortunately, this also impacts organizational productivity because the time invested to meet legal requirements takes away from an organization's core business competencies.
Do anti-spam laws deter spammers at all? As an example, the Information Security Office located at the University of Texas El Paso reports:
“In July 2014, the IronPort Antispam System processed a total of 5,623,299 email messages. 4,084,189 of these messages were identified as Spam by our filters, of which 30,880 was Suspected Spam; and 427,638 as Marketing - 72.6% Spam.”
If this is any indicator, spam issues are still very much an issue. The amount of spam generated annually continues to increase and cause congestion for organizations and the general public.
In 2007 Charles Hutchins posted this image on Flickr showing how much spam was in his email box. He posted another image in 2008 showing more than 30K spam emails, saying since the spam folder emptied out every 30 days, he was getting more than 1,000 of these messages a day.
Security issues continue to grow. Weighing the benefits and negatives, the question begs to be asked if laws have really done much good? There is also the fact that spammers are quite savvy at hiding their true identities. Additionally, it is not hard for them to spoof email addresses. Is it really feasible to spend so much time and money on laws? One might be inclined to say no because any passed laws can't necessarily be enforced in a borderless environment. Not to say these laws don't have some successes, but I wonder if overall if the benefits outweigh the costs?
Not every country will be on board with enforcing laws imposed by other countries and, unless the globe is willing to become uniform in laws, it is hard to make Internet-based laws effectively work. In some cases many do respect laws from other governments, but, like copyright laws, often they are ignored. It seems though that more will follow copyright laws than they do with spam. But even then, possibly not be enough to halt the spammers. Especially when scammers and spammers can hide their identities through spoofing and other evasive techniques. While the movement to control spam is an admirable intent, in the long term I wonder, is it a futile one?
Do you think anti-spam laws are worth the effort?